On Wed, Jul 29, 2020 at 12:55:07PM -0500, Derek Martin wrote: > On Tue, Jul 28, 2020 at 08:03:23PM +0200, sacham...@s0c4.net wrote: > > The thread, and even older threads referenced there, is from 2007. > > Since then, the security field have evolved - now we have SeLinux, > > Apparmor and other techniques which are capable to provide even > > better security than umask(077) > > None of those changes affect this issue in any meaningful way. > SELinux predates that thread by at least two years (longer, though it > was not generally available to the public until ~2005). The arguments > made in those threads still stand, and I will not repeat them here.
And FWIW, here's a more precise and detailed description I posted MUCH more recently than 2007, which explains why this is a bad idea. Everything here remains true, regardless of any evolution you think has happened in the security world. https://www.mail-archive.com/mutt-users@mutt.org/msg49810.html I think we (the Mutt developer community) should consider this the canonical argument for why umask should NEVER be configrable. This does come up often, so I wonder if it's not worth making this a FAQ entry on the website... -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
signature.asc
Description: PGP signature
